2018. GDPR rules include various components to regulate the handling of personally identifiable information for people living within European Union member countries. Fines for failing to follow GDPR rules can be steep: up to 4% of global revenue or 20 million euros -- whichever is greater.

GDPR empowers individuals by giving them access to their data. Under GDPR rules, individuals can move data from one repository to another and have their data removed from repositories completely.

GDPR also puts limits on data gathering and mandates that companies handling personal data provide breach notifications. In addition, organizations that process data from at least 5,000 individuals a year are required to appoint a data protection officer to ensure GDPR enforcement.

For organizations, the primary benefit of GDPR is harmonizing data privacy rules across the European Union. No longer will companies have to navigate a mix of varying regulations.

On the downside, GDPR rules will require companies operating in the European Union to ensure they are in compliance even if information gathered from EU citizens is stored or processed outside the EU.

Collaboration apps gather reams of data

The first step in any GDPR compliance approach is appointing a data protection officer. This position is required if you have data on more than 5,000 EU citizens, but it's potentially not a bad idea even if you're under that number.

Specific to unified communications and collaboration (UCC) applications, you'll want to conduct an impact assessment that addresses the following:

Ensure you're aware of what information you are capturing from individuals. For instance, does your UCC platform capture customer data, perhaps in messaging applications or call data records?

Know where data is stored. Is it on your servers, for example? Or is it on a cloud provider's servers?

Understand how your suppliers ensure compliance. You might use cloud-based providers for applications such as CRM, customer engagement or customer collaboration. At a minimum, you'll want to ensure these providers are in compliance and can demonstrate their compliance capabilities to you. Some companies have already started sharing their GDPR compliance efforts.

Assess the risk of noncompliance or data breaches. Even the best security architectures are subject to unknown threats, as we saw with the emergence of Spectre and Meltdown. Work with your legal and risk management teams to understand your potential exposure and determine if you need to purchase breach insurance.

Log customer interactions accurately. Make sure you know what data you are capturing, where it is stored and processed, and how customers can opt out of data retention.

Develop a reporting mechanism. Under the GDPR rules, you'll need to report any breach within 72 hours of discovery.

Test and plan for potential breaches. Again, a key to a successful GDPR implementation strategy is taking the necessary steps before breaches occur, which means regular auditing, testing and planning for responses in the event of a data breach.

Communicate with your customers. Let your customers know the steps you've taken to ensure you are GDPR-compliant.

As with any compliance effort, UC leaders should work hand in hand with their legal and risk management functions to ensure they understand what is required. UC leaders need to implement certain controls to ensure they are meeting GDPR storage, reporting and customer access requirements.
